Share via

unable to perform client push with SCCM, i think the problem is certificate related

mmarosz1 46 Reputation points
2021-08-25T23:19:22.717+00:00

Hello Community,
-i went through the steps as per a course ive purchased to have a virtual pc/network lab setup:
-i am running hyper-v on 2 different physical win10 pcs
-one physical win10 pc's hyper-v has 2 virtual pcs running win2016 server
-one is a domain controller (dc01), and the other is the sccm server (sccm01)
-the other physical win10 pc's hyper-v has 2 virtual pcs running win10 (vm10-111, and vm10-112, note, these virtual win10 pcs are not a direct part of this question)
-i went through the steps in the course to install sccm, and i feel i have installed sccm successfully (there are a lot of steps, so i will not list them all here, but i think i may have missed or were not shown any that involve certificates, and possibly distribution points)
-i can open the cm (console manager program), i have created a boundary, and i have discovered all of the virtual pcs on the virtual network (meaning dc01, sccm01, vm10-111, and vm10-112)
-however,
-when i right click on dc01 (in the "cm, assets and compliance, overview, devices" section), and i select "install client", it fails
-on dc01, a folder (c:\windows\ccmsetup...) and its contents are created, but on dc01 in the control panel, there is no "configuration manager" option
-also, on dc01, c:\windows\ccmsetup\logs\ccmsetup.log is full of errors
-i think the log is saying i have certificate problems, and i was hoping someone could confirm if that is right
-and if it is right, if they could point me to a place that describes the whys and the specific steps to correct this
-so, ...here is the latest log entry from c:\windows\ccmsetup\logs\ccmsetup.log after clicking "intall client"
-gratitude expressed in advance!

==========[ ccmsetup started in process 2336 ]========== ccmsetup 8/25/2021 11:34:33 AM 2340 (0x0924)
Running on platform X64 ccmsetup 8/25/2021 11:34:33 AM 2340 (0x0924)
Updated security on object C:\Windows\ccmsetup\cache. ccmsetup 8/25/2021 11:34:34 AM 2340 (0x0924)
Launch from folder C:\Windows\ccmsetup\ ccmsetup 8/25/2021 11:34:34 AM 2340 (0x0924)
CcmSetup version: 5.0.9049.1003 ccmsetup 8/25/2021 11:34:34 AM 2340 (0x0924)
Folder 'Microsoft\Microsoft\Configuration Manager' not found. Task does not exist. ccmsetup 8/25/2021 11:34:34 AM 2340 (0x0924)
Folder 'Microsoft\Microsoft\Configuration Manager' not found. Task does not exist. ccmsetup 8/25/2021 11:34:34 AM 2340 (0x0924)
In ServiceMain ccmsetup 8/25/2021 11:34:34 AM 2824 (0x0B08)
Folder 'Microsoft\Microsoft\Configuration Manager' not found. Task does not exist. ccmsetup 8/25/2021 11:34:34 AM 2824 (0x0B08)
Folder 'Microsoft\Microsoft\Configuration Manager' not found. Task does not exist. ccmsetup 8/25/2021 11:34:34 AM 2824 (0x0B08)
Updating MDM_ConfigSetting.ClientDeploymentErrorCode with value 0 ccmsetup 8/25/2021 11:34:34 AM 2824 (0x0B08)
OS is not Win10RS3+, ENDOK. ccmsetup 8/25/2021 11:34:34 AM 2824 (0x0B08)
[DC01] Running on 'Microsoft Windows Server 2016 Datacenter Evaluation' (10.0.14393). Service Pack (0.0). SuiteMask = 400. Product Type = 18 ccmsetup 8/25/2021 11:34:36 AM 2824 (0x0B08)
Ccmsetup command line: "C:\Windows\ccmsetup\ccmsetup.exe" /runservice /ignoreskipupgrade /config:MobileClient.tcf ccmsetup 8/25/2021 11:34:36 AM 2824 (0x0B08)
Command line parameters for ccmsetup have been specified. No registry lookup for command line parameters is required. ccmsetup 8/25/2021 11:34:36 AM 2824 (0x0B08)
SslState value: 224 ccmsetup 8/25/2021 11:34:36 AM 2824 (0x0B08)
CCMHTTPPORT: 80 ccmsetup 8/25/2021 11:34:36 AM 2824 (0x0B08)
CCMHTTPSPORT: 443 ccmsetup 8/25/2021 11:34:36 AM 2824 (0x0B08)
CCMHTTPSSTATE: 1216 ccmsetup 8/25/2021 11:34:36 AM 2824 (0x0B08)
CCMHTTPSCERTNAME: ccmsetup 8/25/2021 11:34:36 AM 2824 (0x0B08)
FSP: ccmsetup 8/25/2021 11:34:36 AM 2824 (0x0B08)
CCMCERTSTORE: MY ccmsetup 8/25/2021 11:34:36 AM 2824 (0x0B08)
CCMFIRSTCERT: 1 ccmsetup 8/25/2021 11:34:36 AM 2824 (0x0B08)
CCMPKICERTOPTIONS: 1 ccmsetup 8/25/2021 11:34:36 AM 2824 (0x0B08)
MANAGEDINSTALLER: 0 ccmsetup 8/25/2021 11:34:36 AM 2824 (0x0B08)
Begin searching client certificates based on Certificate Issuers ccmsetup 8/25/2021 11:34:36 AM 2824 (0x0B08)
Completed searching client certificates based on Certificate Issuers ccmsetup 8/25/2021 11:34:36 AM 2824 (0x0B08)
Begin to select client certificate ccmsetup 8/25/2021 11:34:36 AM 2824 (0x0B08)
The 'Certificate Selection Criteria' was not specified, counting number of certificates present in 'MY' store of 'Local Computer'. ccmsetup 8/25/2021 11:34:36 AM 2824 (0x0B08)
There are no certificates in the 'MY' store. ccmsetup 8/25/2021 11:34:36 AM 2824 (0x0B08)
Failed to read assigned site code from registry. Error code = 0x80070002 ccmsetup 8/25/2021 11:34:36 AM 2824 (0x0B08)
Unexpected row count (0) retrieved from AD. ccmsetup 8/25/2021 11:34:36 AM 2824 (0x0B08)
GetADInstallParams failed with 0x80004005 ccmsetup 8/25/2021 11:34:36 AM 2824 (0x0B08)
Begin searching client certificates based on Certificate Issuers ccmsetup 8/25/2021 11:34:36 AM 2824 (0x0B08)
Completed searching client certificates based on Certificate Issuers ccmsetup 8/25/2021 11:34:36 AM 2824 (0x0B08)
Begin to select client certificate ccmsetup 8/25/2021 11:34:36 AM 2824 (0x0B08)
The 'Certificate Selection Criteria' was not specified, counting number of certificates present in 'MY' store of 'Local Computer'. ccmsetup 8/25/2021 11:34:36 AM 2824 (0x0B08)
There are no certificates in the 'MY' store. ccmsetup 8/25/2021 11:34:36 AM 2824 (0x0B08)
MP 'HTTPS://SCCM01.sccmlab.com' is HTTPS. Client does not allow to use PKI issued cert and is not AAD capable. Ignoring this MP. ccmsetup 8/25/2021 11:34:36 AM 2824 (0x0B08)
No MP or source location has been explicitly specified. Trying to discover a valid content location... ccmsetup 8/25/2021 11:34:36 AM 2824 (0x0B08)
Looking for MPs from AD... ccmsetup 8/25/2021 11:34:36 AM 2824 (0x0B08)
Unexpected row count (0) retrieved from AD. ccmsetup 8/25/2021 11:34:36 AM 2824 (0x0B08)
GetADInstallParams failed with 0x80004005 ccmsetup 8/25/2021 11:34:36 AM 2824 (0x0B08)
Couldn't find an MP source through AD. Error 0x80004005 ccmsetup 8/25/2021 11:34:36 AM 2824 (0x0B08)
No valid source or MP locations ccmsetup 8/25/2021 11:34:36 AM 2824 (0x0B08)
Sending state '322'... ccmsetup 8/25/2021 11:34:36 AM 2824 (0x0B08)
Updating MDM_ConfigSetting.ClientDeploymentErrorCode with value 2147500037 ccmsetup 8/25/2021 11:34:36 AM 2824 (0x0B08)
OS is not Win10RS3+, ENDOK. ccmsetup 8/25/2021 11:34:36 AM 2824 (0x0B08)
Failed to get client version for sending state messages. Error 0x8004100e ccmsetup 8/25/2021 11:34:36 AM 2824 (0x0B08)
[] Params to send '5.0.9049.1003 Deployment "C:\Windows\ccmsetup\ccmsetup.exe" /runservice /ignoreskipupgrade /config:MobileClient.tcf' ccmsetup 8/25/2021 11:34:36 AM 2824 (0x0B08)
A Fallback Status Point has not been specified and no client was installed. Message with STATEID='322' will not be sent. ccmsetup 8/25/2021 11:34:36 AM 2824 (0x0B08)
Failed to send status 322. Error (87D00215) ccmsetup 8/25/2021 11:34:36 AM 2824 (0x0B08)
Failed to connect to policy namespace. Error 0x8004100e ccmsetup 8/25/2021 11:34:36 AM 2340 (0x0924)
Failed to revoke client upgrade local policy. Error 0x8004100e ccmsetup 8/25/2021 11:34:36 AM 2340 (0x0924)
Sending state '301'... ccmsetup 8/25/2021 11:34:36 AM 2340 (0x0924)
Updating MDM_ConfigSetting.ClientDeploymentErrorCode with value 2147500037 ccmsetup 8/25/2021 11:34:36 AM 2340 (0x0924)
OS is not Win10RS3+, ENDOK. ccmsetup 8/25/2021 11:34:36 AM 2340 (0x0924)
CcmSetup failed with error code 0x80004005 ccmsetup 8/25/2021 11:34:36 AM 2340 (0x0924)

Microsoft Configuration Manager
0 comments
Accepted answer
  1. AllenLiu-MSFT 43,061 Reputation points Microsoft Vendor
    2021-11-30T07:28:08.103+00:00

    Hi, @mmarosz1

    It's glad to hear that you got the client installed.

    Normally, ccmsetup service will stop automatically after the client installed successfully or completely failed, in your situation, the installation failed because of the client package is not distributed to DP, so it will keep retrying for 7 days unless we stop it manually.

    Not all error message in the log is meaningful, if it does not interrupt the client installation, we may ignore it.

    If you have any questions in future, we warmly welcome you to post in this forum again, you may start a new thread for new question.

    And a little suggestion, we'd better hide the private information(such as domain name, FQDN, IP address...) when we post the log snippet.

    0 comments

33 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. mmarosz1 46 Reputation points
    2021-11-30T03:07:38.417+00:00

    you said:
    ""iis 6 wmi compatibility" is needed "
    -i checked the iis role on sccm02 and this was not enabled
    -so i installed it, and it said "installation succeeded"
    -then i restarted sccm02, logged back into the sccmlab02 domain
    -then i ran the client install again
    -then it installed normally
    -im going to try to attach the log file for this
    -this is "ccmsetup-2021-11-29d.log"

    question: are the errors in this log still important to resolve?
    eg,
    "failed to read assigned site code from registry. error code = 0x80070002"
    "failed to get client version for sending state message. error 0x8004100e"
    "there are no certificates in the 'MY' store"

    ================

    also, i did not re-install the DP role at this point, but i plan on doing that in the future, eg to test doing that

    ================

    -so, it seems the wmi part of the iis role solved my problem

    -there are so many other questions i have, they boil down to interpreting the errors in the logs, and using certificates, but i'm thinking i should i make other posts for those questions as i am solved at the moment (i cannot wait to continue to the online course i am taking on this)!

    -do you have anything else to point out, or direction to point me in? ...other wise i will mark this as (very) answered

    153535-ccmsetup-2021-11-29d.log

    1 person found this answer helpful.
    0 comments
  2. mmarosz1 46 Reputation points
    2021-08-26T02:53:32.137+00:00

    -update: ...this is not an answer, it is an update to the question:
    -i found some info about installing "ad certification authority" on the domain controller, and then duplicating certain certificate templates and their properties (including the security properties), and i ran the "client install" again, and although the certificate part seemed to get further, it still failed

    -it seems to not be able to read from the registry, and the "MP" is not compatible
    -i think "MP" means management point?
    -here is the new log after running the "install client " option again, and i hope this message in a bottle reaches someone....

    ==========[ ccmsetup started in process 2864 ]========== ccmsetup 8/25/2021 10:34:51 PM 1668 (0x0684)
    Running on platform X64 ccmsetup 8/25/2021 10:34:51 PM 1668 (0x0684)
    Updated security on object C:\Windows\ccmsetup\cache. ccmsetup 8/25/2021 10:34:51 PM 1668 (0x0684)
    Launch from folder C:\Windows\ccmsetup\ ccmsetup 8/25/2021 10:34:51 PM 1668 (0x0684)
    CcmSetup version: 5.0.9049.1003 ccmsetup 8/25/2021 10:34:51 PM 1668 (0x0684)
    Folder 'Microsoft\Microsoft\Configuration Manager' not found. Task does not exist. ccmsetup 8/25/2021 10:34:51 PM 1668 (0x0684)
    Folder 'Microsoft\Microsoft\Configuration Manager' not found. Task does not exist. ccmsetup 8/25/2021 10:34:51 PM 1668 (0x0684)
    In ServiceMain ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    Folder 'Microsoft\Microsoft\Configuration Manager' not found. Task does not exist. ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    Folder 'Microsoft\Microsoft\Configuration Manager' not found. Task does not exist. ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    Updating MDM_ConfigSetting.ClientDeploymentErrorCode with value 0 ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    OS is not Win10RS3+, ENDOK. ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    [DC01] Running on 'Microsoft Windows Server 2016 Datacenter Evaluation' (10.0.14393). Service Pack (0.0). SuiteMask = 400. Product Type = 18 ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    Ccmsetup command line: "C:\Windows\ccmsetup\ccmsetup.exe" /runservice /ignoreskipupgrade /config:MobileClient.tcf ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    Command line parameters for ccmsetup have been specified. No registry lookup for command line parameters is required. ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    SslState value: 224 ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    CCMHTTPPORT: 80 ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    CCMHTTPSPORT: 443 ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    CCMHTTPSSTATE: 1216 ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    CCMHTTPSCERTNAME: ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    FSP: ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    CCMCERTSTORE: MY ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    CCMFIRSTCERT: 1 ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    CCMPKICERTOPTIONS: 1 ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    MANAGEDINSTALLER: 0 ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    Begin searching client certificates based on Certificate Issuers ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    Completed searching client certificates based on Certificate Issuers ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    Begin to select client certificate ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    The 'Certificate Selection Criteria' was not specified, counting number of certificates present in 'MY' store of 'Local Computer'. ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    2 certificate(s) found in the 'MY' certificate store. ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    The 'MY' of 'Local Computer' store has 2 certificate(s). Using custom selection criteria based on the machine name. ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    Machine name is 'DC01.sccmlab.com'. ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    Begin validation of Certificate [Thumbprint 0B3BBE1DD74EC1038A8050B5D6A2976DA58591E1] issued to 'DC01.sccmlab.com' ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    Allowing usage of CNG key storage. ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    The Certificate [Thumbprint 0B3BBE1DD74EC1038A8050B5D6A2976DA58591E1] issued to 'DC01.sccmlab.com' has 'Client Authentication' capability. ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    Completed validation of Certificate [Thumbprint 0B3BBE1DD74EC1038A8050B5D6A2976DA58591E1] issued to 'DC01.sccmlab.com' ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)

    >> Client selected the PKI Certificate [Thumbprint 0B3BBE1DD74EC1038A8050B5D6A2976DA58591E1] issued to 'DC01.sccmlab.com' ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)

    Failed to read assigned site code from registry. Error code = 0x80070002 ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    Performing AD query: '(&(ObjectCategory=mSSMSManagementPoint)(mSSMSDefaultMP=TRUE)(mSSMSSiteCode=100))' ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    OperationalXml '<ClientOperationalSettings><Version>5.00.9049.1004</Version><SecurityConfiguration><SecurityModeMask>1024</SecurityModeMask><SecurityModeMaskEx>1216</SecurityModeMaskEx><HTTPPort>80</HTTPPort><HTTPSPort>443</HTTPSPort><CertificateStoreName></CertificateStoreName><CertificateIssuers></CertificateIssuers><CertificateSelectionCriteria></CertificateSelectionCriteria><CertificateSelectFirstFlag>1</CertificateSelectFirstFlag><PKICertOptions>1</PKICertOptions><SiteSigningCert>308202EF308201D7A0030201020210793AD212349F0FBA47D3E546D4F2581D300D06092A864886F70D01010B05003016311430120603550403130B53697465205365727665723020170D3231303830373232353633375A180F32313231303731353232353633375A3016311430120603550403130B536974652053657276657230820122300D06092A864886F70D01010105000382010F003082010A0282010100BB7BBD5E2EC5E4483CEDB43DB61BB299298886C7295ADBFB8742DEB7607BA0EC299566935ADADBBAB0659DF4AA0B51B23414E3906863F674A0708A514ABB21BB8583B6E20E45561AAD6B2570EFC1894ABFA1B68B961ED9B6ACDF589F51160802AB53BEB3086B1375F40D87B8F14A2BA2BFF492DBE34910997FCEEB659328F198C5FF80E7B5ECFEFCA573C0D3EB358146D7E9F3EDAB85676AFDDDD5A1D60CF8D38267A1425D9C80F8A1C4C3FCD30E5B23979F3B580360C30A473460787EF0613084E8CEF90F7DBF892A20065FC3B69F423DE48894FE0DC00F68EA3C774987DE41709A08FBA26B7D9D08C5499470780D597825457453D1D82AA315E31BF5AB40AF0203010001A3373035301D0603551D110416301482125343434D30312E7363636D6C61622E636F6D30140603551D25040D300B06092B060104018237650B300D06092A864886F70D01010B050003820101000F9CC30690A0EF77EF258703D2B7E80ADB011FA7C18C718E2EC637C88A2DD370C6F6A2DC0AFB4ACD532DB5C4842B0F1F68F44E71BF556DA8253529A0B350BDE46D0691605D6CA0DB0CFC4D0494CA12B0ECCC4B16F0C5E278CFB70C941E77DB85EB0C2F0EC65077292938C0D8F497D63188430E96BCC48F927560EF66FE053BA106620FA2E698AE97B3693C96911C390D34FBD2F5CE3067E5178917A217B69FE588C068F1C588A8B4FFA60B36982B8DDAAFE6AE67C64232E60B3F83B95580DBA9064AD5612763517B40A3F04D000C59D1E1F7FB81A01B33ECF6D99A5C4261FECC69B3A51400CACEBBBC6BA831680D3FDE4023BDB1F998A609F30883C580082F85</SiteSigningCert></SecurityConfiguration><RootSiteCode>100</RootSiteCode><CCM> <CommandLine>SMSSITECODE=100</CommandLine> </CCM><FSP> <FSPServer></FSPServer> </FSP><Capabilities SchemaVersion ="1.0"><Property Name="SSL" Version="1" /><Property Name="SSLState" Value="31" /></Capabilities><Domain Value="sccmlab.com" /><Forest Value="sccmlab.com" /><AADConfig Version="1.0"><Tenants></Tenants></AADConfig></ClientOperationalSettings>' ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    The MP name retrieved is 'SCCM01.sccmlab.com' with version '9049' and capabilities '<Capabilities SchemaVersion="1.0"><Property Name="SSL" Version="1"/><Property Name="SSLState" Value="31"/></Capabilities>' ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    MP 'SCCM01.sccmlab.com' is not compatible ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    Retrieved 0 MP records from AD for site '100' ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    No AAD tenants information found. ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    Persisted AAD on-boarding info. ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    FromAD: command line = SMSSITECODE=100 ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    Local Machine is joined to an AD domain ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    Current AD forest name is sccmlab.com, domain name is sccmlab.com ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    Domain joined client is in Intranet ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    CMPInfoFromADCache requests are throttled for 01:07:09 ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    Successfully refresh bootstrap information from AD. ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    Begin searching client certificates based on Certificate Issuers ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    Completed searching client certificates based on Certificate Issuers ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    Begin to select client certificate ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    The 'Certificate Selection Criteria' was not specified, counting number of certificates present in 'MY' store of 'Local Computer'. ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    2 certificate(s) found in the 'MY' certificate store. ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    The 'MY' of 'Local Computer' store has 2 certificate(s). Using custom selection criteria based on the machine name. ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    Machine name is 'DC01.sccmlab.com'. ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    Begin validation of Certificate [Thumbprint 0B3BBE1DD74EC1038A8050B5D6A2976DA58591E1] issued to 'DC01.sccmlab.com' ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    Allowing usage of CNG key storage. ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    The Certificate [Thumbprint 0B3BBE1DD74EC1038A8050B5D6A2976DA58591E1] issued to 'DC01.sccmlab.com' has 'Client Authentication' capability. ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    Completed validation of Certificate [Thumbprint 0B3BBE1DD74EC1038A8050B5D6A2976DA58591E1] issued to 'DC01.sccmlab.com' ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)

    >> Client selected the PKI Certificate [Thumbprint 0B3BBE1DD74EC1038A8050B5D6A2976DA58591E1] issued to 'DC01.sccmlab.com' ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)

    MP 'HTTPS://SCCM01.sccmlab.com' is HTTPS. Client does not allow to use PKI issued cert and is not AAD capable. Ignoring this MP. ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    No MP or source location has been explicitly specified. Trying to discover a valid content location... ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    Looking for MPs from AD... ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    CMPInfoFromADCache requests are throttled for 01:07:09 ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    No AAD tenants information found. ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    Persisted AAD on-boarding info. ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    FromAD: command line = SMSSITECODE=100 ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    Current AD forest name is sccmlab.com, domain name is sccmlab.com ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    Domain joined client is in Intranet ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    CMPInfoFromADCache requests are throttled for 01:07:09 ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    No valid source or MP locations ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    Sending state '322'... ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    Updating MDM_ConfigSetting.ClientDeploymentErrorCode with value 2147500037 ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    OS is not Win10RS3+, ENDOK. ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    Failed to get client version for sending state messages. Error 0x8004100e ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    [] Params to send '5.0.9049.1003 Deployment "C:\Windows\ccmsetup\ccmsetup.exe" /runservice /ignoreskipupgrade /config:MobileClient.tcf' ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    A Fallback Status Point has not been specified and no client was installed. Message with STATEID='322' will not be sent. ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    Failed to send status 322. Error (87D00215) ccmsetup 8/25/2021 10:34:51 PM 1816 (0x0718)
    Failed to connect to policy namespace. Error 0x8004100e ccmsetup 8/25/2021 10:34:51 PM 1668 (0x0684)
    Failed to revoke client upgrade local policy. Error 0x8004100e ccmsetup 8/25/2021 10:34:51 PM 1668 (0x0684)
    Sending state '301'... ccmsetup 8/25/2021 10:34:51 PM 1668 (0x0684)
    Updating MDM_ConfigSetting.ClientDeploymentErrorCode with value 2147500037 ccmsetup 8/25/2021 10:34:51 PM 1668 (0x0684)
    OS is not Win10RS3+, ENDOK. ccmsetup 8/25/2021 10:34:51 PM 1668 (0x0684)
    CcmSetup failed with error code 0x80004005 ccmsetup 8/25/2021 10:34:51 PM 1668 (0x0684)

    0 comments
  3. AllenLiu-MSFT 43,061 Reputation points Microsoft Vendor
    2021-08-26T07:28:23.75+00:00

    Hi, @mmarosz1
    Thank you for posting in Microsoft Q&A forum.

    It seems that you have configured MP as https mode at first, so the client installation require a certificate, but you do not deploy any certificates for SCCM.
    If we configure the MP as http mode, we can install the clients without a certificate.

    For now, seems you have import the certificate to the client, but it looks like the PKI certificate does not meet the requirements.

    Here is a step by step guidance to deploy PKI Certificates for SCCM:
    https://www.prajwaldesai.com/deploy-pki-certificates-for-sccm-2012-r2/

    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments
  4. mmarosz1 46 Reputation points
    2021-08-26T22:15:02.64+00:00

    Hello AllenLiu,
    -thank you for replying
    -i went through the info you provided the link to, but i dont think that is my immediate problem
    -indeed, i need to look at that info again after i figure what i think my immediate problem is
    -this is why i think i have a different immediate problem:
    -i dont think i have a management point in the 1st place, ...if that is possible....
    -in the sccm console program, i went to "administration, overview, site configuration, servers and site roles", i right clicked on my 'site' (im not sure if thats the right term, it is the only item/row in the main body of the console when i select "...site configuration, servers and site roles"), i select "add site system roles" from the context menu and it starts the "add site system roles" wizard, i click next with no changes on the first 2 tabs, then on the "system role selection" tab, in the "specify roles for this server" list, there is no option labeled "management point" to select
    -so, im thinking i may have not installed or configured a management point properly
    -does this seem possible to you?
    -again....thank you very much for your help...